Friday, May 16, 2025

Security Boulevard Logo

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Creators Network
    • Latest Posts
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming Webinars
    • Calendar View
    • On-Demand Webinars
  • Events
    • Upcoming Events
    • On-Demand Events
  • Sponsored Content
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
    • Techstrong.tv Podcast
    • TechstrongTV - Twitch
  • Library
  • Related Sites
    • Techstrong Group
    • Cloud Native Now
    • DevOps.com
    • Security Boulevard
    • Techstrong Research
    • Techstrong TV
    • Techstrong.tv Podcast
    • Techstrong.tv - Twitch
    • Devops Chat
    • DevOps Dozen
    • DevOps TV
  • Media Kit
  • About
  • Sponsor

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Cloud Security Data Security SBN News Security Bloggers Network 

Home » Cybersecurity » Cloud Security » Insurance Software Provider Exposed Clients’ Data Stored on S3 Bucket

SBN

Insurance Software Provider Exposed Clients’ Data Stored on S3 Bucket

by David Bisson on May 30, 2018

An insurance software provider exposed clients’ sensitive data that it had stored on an Amazon Simple Storage Solution (S3) bucket.

Andrew Lech, founder of AgentRun, confirmed the breach in an email sent out to the insurance agency management software company’s clients. As quoted by ZDNet:

Techstrong Gang Youtube
AWS Hub

We were migrating to this bucket during an application upgrade and during the migration the permissions on the bucket were erroneously flipped.

At the time of discovery, the S3 bucket in question lacked password protection and was accessible to anyone. A bad actor could have therefore examined its contents, which included medical information, financial details and insurance policy documents. Many of those items contained people’s personally identifiable information (PII) including their names, addresses, dates of birth, phone numbers, Social Security Numbers, Medicare cards and even their bank checks in a few instances.

In total, the leak compromised thousands of files involving Cigna, TransAmerica, SafeCo Insurance, Schneider Insurance, Manhattan Life and Everest.

The insurance software provider closed the leaky bucket within an hour of disclosure.

AgentRun wasn’t the first victim of an S3 storage breach. In 2017, the Pentagon, Verizon, the National Federal Credit Union and others all suffered similar incidents.

To prevent a S3 storage breach, many organizations now realize the importance of evaluating the configuration settings for their S3 buckets and other cloud-based storage assets. Some methods aren’t as effective as others. Manual evaluation processes, for example, often require lots of time and resources, and they can still miss crucial gaps.

Organizations shouldn’t leave anything up to chance when it comes to their S3 buckets. Instead they should look into a solution like Tripwire’s Cloud Management Assessor that automatically checks to see if any S3 storage files are exposed.

Learn more about how Tripwire’s solution helps secure S3 buckets (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/cloud/insurance-software-provider-exposed-clients-data-stored-on-s3-bucket/

May 30, 2018May 30, 2018 David Bisson Cloud, data, Latest Security News, S3
  • ← Semafone Guides Contact Centers Through Changing Regulatory Compliance Landscape
  • Network Security: FireMon Acquires Lumeta to Visualize Connections →

Techstrong TV

Click full-screen to enable volume control
Watch latest episodes and shows

Upcoming Webinars

Software Supply Chain Security: Navigating NIST, CRA, and FDA Regulations
Is DevEx the Same as DevSecOps?

Podcast

Listen to all of our podcasts

Press Releases

GoPlus's Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements

C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements

Zama Raises $73M in Series A Lead by Multicoin Capital and Protocol Labs to Commercialize Fully Homomorphic Encryption

Zama Raises $73M in Series A Lead by Multicoin Capital and Protocol Labs to Commercialize Fully Homomorphic Encryption

RSM US Deploys Stellar Cyber Open XDR Platform to Secure Clients

RSM US Deploys Stellar Cyber Open XDR Platform to Secure Clients

ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On

ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On

Subscribe to our Newsletters

ThreatLocker

Most Read on the Boulevard

GenAI’s New Attack Surface: Why MCP Agents Demand a Rethink in Cybersecurity Strategy
Encrypt AI, Protect Your IP: DataKrypto Tackles the LLM Security Crisis While Redefining What Encryption Should Be
Security Gamechangers: CrowdStrike’s AI-Native SOC & Next Gen SIEM Take Center Stage at RSAC 2025
Firewall Rule Bloat: The Problem and How AI can Solve it
Cybersecurity’s Early Warning System: How Live Network Traffic Analysis Detects The ‘Shock Wave’ Before the Breach ‘Tsunami’ 
News Alert: INE Security outlines top 5 training priorities emerging from RSAC 2025
0-Click NTLM Auth Bypass Exposes Legacy Microsoft Systems
Microsoft’s May 2025 Patch Tuesday Addresses 71 CVEs (CVE-2025-32701, CVE-2025-32706, CVE-2025-30400)
The Security Gap JPMorgan Chase’s CISO Didn’t Mention — And Why It’s in Your Browser
India-Pakistan Conflicts Escalating: Military Operations and DDoS Attacks Making Targeted Strikes

Industry Spotlight

Warning to US Retail: ‘Scattered Spider’ Targets YOU (with DragonForce Ransomware)
Analytics & Intelligence Cloud Security Cybersecurity Data Privacy Data Security DevOps Endpoint Featured Governance, Risk & Compliance Humor Identity & Access Incident Response Industry Spotlight Malware Mobile Security Most Read This Week Network Security News Popular Post Security Awareness Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Social Engineering Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

Warning to US Retail: ‘Scattered Spider’ Targets YOU (with DragonForce Ransomware)

May 15, 2025 Richi Jennings | Yesterday 0
As US CVE Database Fumbles, EU ‘Replacement’ Goes Live
Application Security Cloud Security Cyberlaw Cybersecurity Data Privacy Data Security DevOps Endpoint Featured Governance, Risk & Compliance Humor Identity & Access Industry Spotlight IoT & ICS Security Mobile Security Most Read This Week Network Security News Popular Post Security Awareness Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Spotlight Threats & Breaches Vulnerabilities 

As US CVE Database Fumbles, EU ‘Replacement’ Goes Live

May 14, 2025 Richi Jennings | 1 day ago 0
SMBs Know They’re At Risk, but Most Aren’t Embracing AI
Cloud Security Cybersecurity Data Privacy Data Security Endpoint Featured Industry Spotlight Malware Mobile Security Network Security News Security Awareness Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Spotlight Threat Intelligence 

SMBs Know They’re At Risk, but Most Aren’t Embracing AI

May 8, 2025 Jeffrey Burt | May 08 0

Top Stories

DHS Cancels $2.4 Billion Leidos Contract, Cites Changes at CISA
Cyberlaw Cybersecurity Featured Governance, Risk & Compliance Network Security News Security Awareness Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Spotlight 

DHS Cancels $2.4 Billion Leidos Contract, Cites Changes at CISA

May 15, 2025 Jeffrey Burt | Yesterday 0
Apple Device Users Can File Claims in $95 Million Siri Spying Settlement
Cloud Security Cyberlaw Cybersecurity Data Privacy Data Security Featured Governance, Risk & Compliance Mobile Security News Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Spotlight 

Apple Device Users Can File Claims in $95 Million Siri Spying Settlement

May 13, 2025 Jeffrey Burt | 2 days ago 0
CISO Survey Surfaces Shift in Application Security Responsibilities
Cybersecurity Featured News Security Awareness Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Spotlight 

CISO Survey Surfaces Shift in Application Security Responsibilities

May 13, 2025 Michael Vizard | 2 days ago 0

Security Humor

A spider from above

Warning to US Retail: ‘Scattered Spider’ Targets YOU (with DragonForce Ransomware)

Download Free eBook

The Dangers of Open Source Software and Best Practices for Securing Code

Security Boulevard Logo White

DMCA

Join the Community

  • Add your blog to Security Creators Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: [email protected]

Useful Links

  • About
  • Media Kit
  • Sponsor Info
  • Copyright
  • TOS
  • DMCA Compliance Statement
  • Privacy Policy

Related Sites

  • Techstrong Group
  • Cloud Native Now
  • DevOps.com
  • Digital CxO
  • Techstrong Research
  • Techstrong TV
  • Techstrong.tv Podcast
  • DevOps Chat
  • DevOps Dozen
  • DevOps TV
Powered by Techstrong Group
Copyright © 2025 Techstrong Group Inc. All rights reserved.
×

Security in AI

Step 1 of 7

14%
How would you best describe your organization's current stage of securing the use of generative AI in your applications?(Required)
Have you implemented, or are you planning to implement, zero trust security for the AI your organization uses or develops?(Required)
What are the three biggest challenges your organization faces when integrating generative AI into applications or workflows? (Select up to three)(Required)
How does your organization secure proprietary information used in AI training, tuning, or retrieval-augmented generation (RAG)? (Select all that apply)(Required)
Which of the following kinds of tools are you currently using to secure your organization’s use of generative AI? (select all that apply)(Required)
How valuable do you think it would it be to have a solution that classifies and quantifies risks associated with generative AI tools?(Required)
What are, or do you think would be, the most important reasons for implementing generative AI security measures? (Select up to three)(Required)

×